Improved Policies Make Testing and Compliance Even Easier

Updated on December 19, 2017 by Greg Pollock

UpGuard's "three waves" methodology helps businesses achieve digital maturity through a three step process: gain visibility, establish test driven infrastructure, and then automate what you can also validate. In our last release we focused on improving visibility with an improved data visualization, a search engine, and group differencing. Now we've revisited our testing platform to make both incremental improvements and fundamental changes.

We talk about this a lot, but it's hard to understate how valuable automated testing can be. An immense amount of human labor is expended every day doing tasks that humans as a species are not especially good at. Computers are both faster and more accurate– that's common sense and the result we find time and again in our case studies. Perhaps more importantly, rote testing is a bad way for a human to spend his or her life. People should do creative jobs where they solve problems by thinking and interacting with their fellow homo sapiens. One of the reasons we created UpGuard is to make the power of automated testing accessible to everyone, and this release is a major milestone in that mission.

Policies are now coupled more tightly with node scans, giving you one interface to see exactly how a node is configured, how it's changing, and how compliant it is with your operational or security standards. I can see every item that has changed and whether that change has violated one of my policies. If I want to create a policy, it only takes a few click and I've got a test that will run continuously to validate my environment. Policies can, of course, include variables, useful for items like hostnames or IP addresses, and they can be set as granularly or inclusively as desired.

Screen Shot 2017-05-04 at 9.57.21 AM.png

Because policies are created from and stored in the same data structure as node scans, there are no restrictions on what node types can be validated by policies. UpGuard already scans servers, network devices, cloud apps, and more. Now our policy platform provides the ability to validate configurations for any of them through the same interface without writing a line of code. 

Best of all, the new architecture improves policies' performance for enterprise scale deployments. Validating state for hundreds or thousands of items per node across thousands of nodes happens simultaneously with node scanning. We believe that not only must testing become more widespread as a practice, it must only become much deeper in scope. Our new architecture starts from the data structure up to achieve those goals.

While the node visualization lets you dig deep into the state of an individual node, improved policy reports provide a way to explore high level compliance status across groups. A policy report can give you the latest results, highlighting what checks are failing and where, or provide historical data for trends in compliance. Because UpGuard maintains a system of record for configuration state, you can even run policies retroactively. We've called UpGuard a time machine for your infrastructure before because it allows you to revisit scans from previous days and diff across time, but now we've taken it to the next level. You can now determine your compliance posture for any policy for any point in time when UpGuard was running, even if the policy was not yet active. That's right: when a new regulatory standard hits, you can demonstrate that you were compliant before it even existed.  

Screen Shot 2017-05-04 at 9.54.56 AM.png

As with all our features, policies are included in our standard offering. If you're manually testing configurations, or even spending a significant amount of time writing tests in code, your life is about to get a lot easier and your systems more reliable. See how UpGuard automates industry standard benchmarks like the Center for Internet Security's critical security controls.

See UpGuard in action with a live demo

More Blogs

How CSTAR Works

All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >

What's In the Website Risk Grader?

The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Blog >

Understanding Risk in the 21st Century

And as we enter 2016, the risk of data breaches in particular threatens to hamper business innovation.
Read Blog >